Register-Event1.ps1

1. <# 
2. .SYNOPSIS 
3.     This script registers for a WMI event 
4. .DESCRIPTION 
5.     This script used PowerShell to register for then display 
6.     an event. This script is a re-write on an MSDN Sample. 
7. .NOTES 
8.     File Name  : Register-Event1.ps1 
9.     Author     : Thomas Lee - tfl@psp.co.uk 
10.     Requires   : PowerShell Version 2.0 
11. .LINK 
12.     This script posted to: 
13.         http://www.pshscripts.blogspot.com 
14.     MSDN sample posted tot: 
15.         http://msdn.microsoft.com/en-us/library/aa393013%28VS.85%29.aspx 
16. .EXAMPLE 
17.     [PSH] C:\FOO> Register-Event1.ps1 
18.     Waiting for events 
19.     Log Event Occured 
20.     EVENT MESSAGE 
21.     A logon was attempted using explicit credentials. 
22.  
23.     Subject: 
24.     Security ID:        S-1-5-21-2824006062-479960714-4144511058-1105 
25.     Account Name:       tfl 
26.     ...  -> Reminder snipped for brevity 
27.     
28. #> 
29.  
30. # Define event Query 
31. $query = "SELECT * FROM __InstanceCreationEvent  
32.           WHERE TargetInstance ISA 'Win32_NTLogEvent' " 
33.  
34. # Register for event - also specify an action that 
35. # displays the log event when the event fires. 
36. Register-WmiEvent -Source Demo1 -Query $query -Action { 
37.                 Write-Host "Log Event occured" 
38.                 $global:myevent = $event 
39.                 Write-Host "EVENT MESSAGE" 
40.                 Write-Host $event.SourceEventArgs.NewEvent.TargetInstance.Message} 
41. # So wait 
42. "Waiting for events" 

Technorati Tags: PowerShell,scripts,WMI,Eventing